[Snort-devel] Large Packet Drop with SNort-2.9.80 as compared to Snort-

Nageswara Rao A.V.K (navk) navk at ...3461...
Mon Dec 14 22:13:51 EST 2015

Hi Dheeraj,
   We need more info to come to a conclusion.

Are you passing the same traffic in both scenarios?

Did you verify the Snort logs?
You may know the reason for pkt drops.

We did not notice these problems in our observation.
More details may help us to analyze the problem.

Best Regards,

From: Dheeraj Gupta [mailto:dheeraj.gupta4 at ...2499...]
Sent: Monday, December 14, 2015 11:30 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Large Packet Drop with SNort-2.9.80 as compared to Snort-

I just upgraded to Snort- from Snort- Before the upgrade one of my sensors showed (somewhat expected) packet drops. However, after the upgrade the packet drop increased significantly even though the number of rules decreased (as SO rules are not in use with I am still using Snort- rulesets (as advised by you).
Here is a snip from my snort.stats file for

For Snort-, the snip is

Looking at end-of-snort stats. This is for

Packet I/O Totals:
   Received:    804563792
   Analyzed:    388361098 ( 48.270%)
    Dropped:    298207658 ( 27.042%)
   Filtered:    415840607 ( 51.685%)
   Outstanding:       362087 (  0.045%)
   Injected:            0

And this is for

Packet I/O Totals:
   Received:     60969886
   Analyzed:     30035104 ( 49.262%)
    Dropped:       742645 (  1.203%)
   Filtered:     30927585 ( 50.726%)
   Outstanding:         7197 (  0.012%)
   Injected:            0
I have a longish BPF filter, so is the filtered count an indication of the amount of traffic which was filtered by that filter?
Also is dropped count a subset of analyzed count or received count? I ask this because it appears
received_count = analyzed + filtered
so dropped_count doesn't really fit in
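
The two "Packet I/O Totals" blocks quoted above carry enough information to test the accounting question arithmetically. The following is an added example, not part of the original messages or of Snort itself; the function names are illustrative, and the input is the two blocks copied as posted. It checks whether Received is fully accounted for without Dropped, and which denominator reproduces the printed Dropped percentage.

```python
import re

# The two end-of-run blocks, copied verbatim from the message above.
BLOCK_A = """\
Packet I/O Totals:
   Received:    804563792
   Analyzed:    388361098 ( 48.270%)
    Dropped:    298207658 ( 27.042%)
   Filtered:    415840607 ( 51.685%)
   Outstanding:       362087 (  0.045%)
   Injected:            0
"""
BLOCK_B = """\
Packet I/O Totals:
   Received:     60969886
   Analyzed:     30035104 ( 49.262%)
    Dropped:       742645 (  1.203%)
   Filtered:     30927585 ( 50.726%)
   Outstanding:         7197 (  0.012%)
   Injected:            0
"""

# "Name:  count  ( pct%)" with the percentage optional.
LINE = re.compile(r"^\s*(\w+):\s+(\d+)(?:\s+\(\s*([\d.]+)%\))?\s*$")

def parse_totals(text):
    """Return {name: (count, printed_pct or None)} for one totals block."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            pct = float(m.group(3)) if m.group(3) else None
            out[m.group(1).lower()] = (int(m.group(2)), pct)
    return out

def check(text):
    """Compare two readings of the Dropped figure against the printed value."""
    t = parse_totals(text)
    recv, drop = t["received"][0], t["dropped"][0]
    seen = t["analyzed"][0] + t["filtered"][0] + t["outstanding"][0]
    return {
        "received_accounted": seen == recv,  # no room left for Dropped
        "drop_pct_of_received": round(100 * drop / recv, 3),
        "drop_pct_of_recv_plus_drop": round(100 * drop / (recv + drop), 3),
        "printed_drop_pct": t["dropped"][1],
    }
```

For both blocks, Analyzed + Filtered + Outstanding equals Received exactly, and the printed Dropped percentage matches dropped / (received + dropped), so the figures are consistent with drops being counted outside Received rather than as a subset of it.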
